This CPE summary could be partial or incomplete. Please contact us for a detailed listing.


Vendor Sqlite First view 2019-03-22
Product Sqlite Last view 2021-03-23
Version 3.27.2 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
CPE Product cpe:2.3:a:sqlite:sqlite

Activity : Overall

Related : CVE

  Date Alert Description
5.5 2021-03-23 CVE-2021-20227

A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.

5.5 2020-06-27 CVE-2020-15358

In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.

5.5 2020-05-27 CVE-2020-13632

ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.

5.5 2020-05-27 CVE-2020-13631

SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.

7 2020-05-27 CVE-2020-13630

ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.

5.5 2020-05-24 CVE-2020-13435

SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.

5.5 2020-05-24 CVE-2020-13434

SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.

9.8 2020-04-09 CVE-2020-11656

In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.

7.5 2020-04-09 CVE-2020-11655

SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.

9.8 2019-12-09 CVE-2019-19646

pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.

5.5 2019-12-09 CVE-2019-19645

alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.

6.5 2019-09-09 CVE-2019-16168

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."

9.8 2019-05-30 CVE-2019-8457

SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.

7.5 2019-03-22 CVE-2019-9937

In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.

7.5 2019-03-22 CVE-2019-9936

In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.

CWE : Common Weakness Enumeration

21% (3) CWE-476 NULL Pointer Dereference
21% (3) CWE-416 Use After Free
14% (2) CWE-125 Out-of-bounds Read
7% (1) CWE-787 Out-of-bounds Write
7% (1) CWE-754 Improper Check for Unusual or Exceptional Conditions
7% (1) CWE-674 Uncontrolled Recursion
7% (1) CWE-665 Improper Initialization
7% (1) CWE-369 Divide By Zero
7% (1) CWE-190 Integer Overflow or Wraparound